splunk/DECEIVE
1
0
Fork 0
mirror of https://github.com/splunk/DECEIVE.git synced 2025-07-01 16:47:28 -04:00
Code Issues Packages Projects Releases Wiki Activity

Fixed server_version_string setting

Browse Source 
The config template specified the default server version string as "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3" but the SSH module automatically prepends "SSH-2.0-" to the beginning. This gave the version string returned to the client a potential fingerprint that could be used to easily identify DECEIVE honeypots. Updated the default value and added comments to document this behavior.
This commit is contained in:
David J. Bianco
2025-02-13 13:19:21 -05:00
parent 9844f2f59b
commit d9ba6b3b61
1 changed files with 4 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
SSH/config.ini.TEMPLATE
View File

@ -18,8 +18,10 @@ port = 8022
# The host key to use for the SSH server. This should be a private key.
# See the README for how to generate this key.
host_priv_key = ssh_host_key
# The server version string to send to clients.
server_version_string = SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
# The server version string to send to clients. The SSH server automatically
# prepends "SSH-2.0-" to this. So "OpenSSH_8.2p1 Ubuntu-4ubuntu0.3" will
# be transformed to "SSH-2.0-OpenSSH_8.2p1 Ubuntu-4ubuntu0.3".
server_version_string = OpenSSH_8.2p1 Ubuntu-4ubuntu0.3
# Settings to configure which LLM backend to use. Only one stanza
# should be uncommented at a time.